Remarks 



Status of application 

Claims 1-22 and 25-45 were examined and stand rejected in view of prior art. 
The prior art rejections are discussed in detail below. In view of the following remarks, 
reconsideration of the prior art rejections is respectfully requested. 

The invention 

Applicant's invention comprises a computer-implemented system and 
methodology for specifying and enforcing entitlements for performance of financial 
transactions (see e.g., Applicant's specification, paragraph [0013], paragraphs [0043]- 
[0044], paragraphs [0055]-[0056], paragraph [0059]; also see generally, e.g.. Fig. 1, Fig. 
2, Fig. 3; Figs. 5A-B). Applicant's methodology includes providing a hierarchical 
entitlement structure with inheritance for specifying entitlements for performing financial 
transactions (see e.g.. Applicant's specification, paragraph [0013], paragraph [0045], 
paragraph [0063], paragraphs [0066]-[0068], paragraph [0073], paragraph [0079], 
paragraph [0112]; also see, e.g.. Fig. 4; Fig. 5A at 501-503), receiving user input for 
defining a plurality of entitlement groups of said hierarchical entitlement structure (see 
e.g., Apphcant's specification, paragraph [0013], paragraphs [0046]-[0047], paragraph 
[0049], paragraph [0067], paragraph [0073], paragraphs [0079]-[0080], paragraph [0153]; 
also see, e.g.. Fig. 4; Fig. 5 A at 501-502), wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said financial 
transactions, and membership of each user (see e.g.. Applicant's specification, paragraph 
[0013], paragraph [0044], paragraphs [0046]-[0047], paragraph [0049], paragraphs 
[0066]-[0068], paragraph [0073], paragraph [0081];also see, e.g.. Fig. 4; Fig. 5A at 503), 
in response to a particular user request to perform a financial transaction at runtime, 
identifying the particular user's membership in a certain entitlement group (see e.g., 
Applicanfs specification, paragraph [0013], paragraphs [0046]-[0047], paragraph [0082]; 
also see, e.g.. Fig. 5A at 504-505), and determining whether to allow the particular user 
to perform the financial transaction based on permissions and limits of said hierarchical 
entitlement structure applicable to the particular user's performance of the financial 



9 



transaction (see e.g., Applicant's specification, paragraph [0013], paragraphs [0046]- 
[0047], paragraphs [0083]-[0085]; also see, e.g.. Figs. 5A-B at 506-511). 

Prior Art Rejections 

A. First Section 103 Rejection: Win and Rowe 

Claims 1, 4-5, 7-8, 10-16, 18-22 and 25-45 stand rejected under Section 103(a) 
and unpatentable over U.S. Patent 6,1261,139 to Win (hereinafter "Win") in view of U.S. 
Published Application 2002/0029339 of Rowe (hereinafter "Rowe"). The Examiner 
continues to rely on Win's general teachings of role-based administrative privileges as 
being substantially equivalent to Applicant's claimed invention. However, Applicant's 
invention has specific features including a hierarchical structure for specifying and 
enforcing entitlements (including permissions and limits) for performing financial 
transactions that distinguish Applicant's claimed invention fi-om Win as well as the 
secondary Rowe reference in a significant number of respects. Some of these significant 
differences with respect to the specific claim limitations of Applicant's claims are 
discussed below. 

Initially, Applicant's claimed invention utilizes a hierarchical structure with 
inheritance for specifying and enforcing entitlements for performing financial 
transactions that is particularly usefiil in banking and other financial applications. This 
feature is specifically described, for example, in Applicant's claim 1 which includes the 
following claim limitations: 

A method implemented in a computer system for specifying and enforcing 
entitlements for performance of financial transactions, the method comprising: 
in a computer system having at least a processor and memory, providing a 
hierarchical entitlement structure with inheritance for specifying entitlements for 
performing financial transactions : 

(Applicant's claim 1, emphasis added) 

Applicant's hierarchical entitlement structure includes a hierarchy of entitlement 
groups in which a given subordinate group inherits attributes from its parent (i.e., 
superior) group (see e.g.. Applicant's specification, paragraph [0045]; also see e.g.. Fig. 
5A at 501-502). The inheritance from above is negative (i.e., restrictive) in nature (see 
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e.g., Applicant's specification, paragraph [0045]; also see, e.g., paragraph [0112]; also see 
e.g.. Fig. 5A at 503). The root node resides at the top of the inheritance hierarchy, 
serving as an administrator who may perform all fiinctions in the system (see e.g., 
Applicant's specification, paragraph [0045]). As the entitlement hierarchy of Applicant's 
solution is traversed downward from the root, additional restrictions are applied to 
subordinate roles; subordinate roles cannot have greater permissions than their parent 
(see e.g., Applicanf s specification, paragraph [0045]; see also, paragraph [0068]). 

Win's access control system does not include a comparable hierarchical 
entitlement structure with inheritance , nor does it relate to the performance of financial 
transactions. The first teachings of Win referenced by Examiner in the Final Rejection 
(page 3, re: claim 1) for the corresponding teachings simply describe that users may have 
various roles as follows: 

Users are individuals who have a relationship with an organization and play 
various roles, and are registered in the system 2. Users may be members of an 
organization, or may be customers, suppliers, or business partners of the 
organization. 

(Win, column 4, lines 22-26) 

As illustrated above. Win makes no mention of any sort of hierarchical structure, 
inheritance, or entitlements for performing financial transactions. 

The Examiner also references the following teachings of Win as corresponding to 
Applicant's claim limitations of a hierarchical entitlement structure with inheritance: 

A Role may reflect a relationship of a User to the organization (employee, 
customer, distributor, supplier), their department within an organization (sales, 
marketing, engineering) or any other affiliation or fiinction (member of quality 
task force, hotline staff member) that defines their information needs and thus 
their access rights or privileges. 

(Win, column 5, lines 2-8) 

Again, Win simply describes conventional role-based permissions and makes no mention 
of a "hierarchical entitlement structure" or "inheritance" or of "entitlements for 

performing financial transactions" . Respectfully, Rowe's teachings of role-based 
permissions are not at all comparable to Applicant's claim limitations. 
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The Examiner does acknowledge that Win provides no teaching of entitlement 
groups having specified limits on the performance of financial transactions and 
membership of each user (Final Rejection, page 3, re: claim 1) as provided, for instance, 
in the following claim limitations of Applicant's claim 1 : 

receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said 
financial transactions, and membership of each user : 
in response to a particular user request to perform a financial transaction at 
runtime, identifying the particular user's membership in a certain entitlement 
group; and 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement 
structure applicable to the particular user's performance of the financial 
transaction. 

(Applicant's claim 1, emphasis added) 

Therefore, the Examiner turns to Rowe as providing the corresponding teachings 
admittedly not provided by Win. However, Rowe's teachings are distinguishable in a 
number of respects as discussed below. 

Rowe describes a solution for opening a new bank or financial account with a 
financial provider electronically (Rowe, paragraph [0012], paragraphs [0028]-[0029]). 
As part of Rowe's methodology for establishing an account, a "value limit" is assigned to 
the account (Rowe, paragraph [0012]). This value limit is the maximum amount of fimds 
what will be held in the account, which is typically the amount of the initial deposit into 
the account (Rowe, paragraph [0040]). Thus, Rowe's value limit is a single number 
associated with a given financial account (e.g., bank account) and is not a limit that is 
tied to an entitlement group . In fact, Applicant's review of Rowe finds no mention of 
defining entitlement groups (or of roles) or the type and amount of financial transactions 
that may be performed by members of such entitlement groups. Additionally, Rowe 
makes no mention of a hierarchical entitlement structure with inheritance . With 
Applicant's claimed invention, in contrast, users are members of entitlement groups of a 
hierarchical entitlement structure, with each group having specified permissions and 
limits for performing financial transactions. The entitlements that may be specified and 
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enforced with Applicant's claimed invention include whether members of a given 
entitlement group are allowed to perform certain financial transactions (e.g., create wire 
transactions) as well as dollar limits on performance of such transactions (see e.g., 
Applicant's specification, paragraph [0044]). 

Additionally, the limits enforced by Applicant's invention include collective limits 
which apply to multiple entitlement groups as provided, for example, in the following 
limitations of Applicant's dependent claim 12: 

The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining limits applying collectively to a particular entitlement 
group and children entitlement groups of said particular entitlement group in said 
hierarchical entitlement structure. 

(Applicant's claim 12, emphasis added) 

These features of Applicant's invention allow an organization to define and enforce 
limitations applicable to the CFO of an organization as well as all those in the 
organization that report to the CFO. The limits applicable to the CFO apply collectively 
to the entitlement group including the CFO as well as to members of other child 
entitlement groups in the hierarchical structure (i.e., groups under the CFO) such that 
they cannot collectively spend more than the limit specified for the CFO (see e.g.. 
Applicant's specification, paragraph [0047]). For example, limits may be defined using 
Applicant's invention such that the CFO of an organization and all users in (child) 
entitlement groups underneath the CFO in the entitlement structure (e.g., users in 
accounts receivable, accounts payable and controller groups reporting to the CFO) are 
collectively subject to a limit of $50,000 per day and $100,000 per month (see e.g., 
example at Apphcant's specification, paragraph [48]). Rowe's solution does not allow 
limits to be defined in this fashion. 

In the Final Rejection (page 4, re: claim 12), the Examiner references the 
following teachings of Win as being comparable to the above-claimed features of 
Applicant's invention: 

The Role Admin privilege may be delegated to owners of a particular resource, 
for example the technical support database. Administrators in the Technical 
Support Department would be able to control who has access to that resource by 
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assigning or removing roles associated with that resource irom user accounts. The 
list of roles that may be managed by an administrator with this privilege is limited 
to the roles that have been assigned to their associated Admin Role record. 

(Win, col. 16, lines 59-67) 

As illustrated in the above text, Win makes no mention of a hierarchical entitlements 
structure in which a particular entitlement group has a child entitlement group . Instead, 
Win simply describes assigning or removing roles associated with a resource. 
Additionally, Win makes no mention of limits on the performance of financial 
transactions, whether such limits are being applied to one or more entitlement groups 
(roles) or otherwise. In fact, as discussed above, the Examiner acknowledges that Win 
does not include teachings of limits on performance of financial transactions. Given that 
the Examiner admits Win does not teach limits on performance of financial transactions 
in general, it is obvious that Win also cannot teach defining limits which apply 
collectively to more than one entitlement group as provided in the limitations of 
Applicant's claim 12 . 

Applicant's solution also allows one to define both per-transaction limits and 
limits that are cumulative over a period of time as provided, for example, as limitations of 
Applicant's claim 8: 

The method of claim 1 , wherein said step of defining a plurality of entitlement 
groups includes defining limits comprising a selected one of per-transaction limits 
and cumulative limits over a period of time . 

(Applicant's claim 8, emphasis added) 

Limits for each entitlement group can be established per-transaction as well as per day, 
per week and/or per month for each type of activity being performed by members of a 
given entitlement group) (see e.g., Applicant's specification, paragraph [0151]; see also 
paragraph [0047]). For example, members of a "mass market consumer" group may be 
allowed to pay bills up to a maximum amount of $500 per bill, with a maximum 
cumulative limitation of $2,000 per week, while members of an "affluent consumer" can 
pay up to $1,000 per bill, up to $5,000 per week and may perform external transfers of up 
to $10,000 per month. 
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The Examiner argues that Rowe provides equivalent teachings (Final Rejection, 
bottom page 3- top page 4, re: claim 8). However, Rowe only provides for a single value 
limit that is assigned to a given account (not a user or role and certainly not multiple 
entitlement groups) and provides that the account may expire at a given point in time 
(Rowe, paragraphs 12 and 14). Respectfully, Applicant fails to understand how this is at 
all analogous to Applicant's claim limitations of cumulative limits applying over a period 
of time to users having membership in a given entitlement group. 

All told. Win and Rowe, even when combined, do not provide a solution 
including a hierarchical entitlement structure which enables one to define and enforce 
permissions and limits for performing financial transactions. Additionally, neither 
reference includes teachings of a hierarchical entitlement structure with inheritance in 
which a particular group inherits entitlements (e.g., permissions and limits) fi-om another 
(superior) entitlement group. The combined references also do not enable one to defining 
both per transaction limits and cumulative limits over a period of time for each type of 
activity being performed for entitlement groups of the hierarchical entitlement structure. 
Therefore, as the Win and Rowe references, even when combined, do not teach or 
suggest all of the claim limitations of Applicant's claims, it is respectfully submitted that 
claims 1, 4-5, 7-8, 10-16, 18-22 and 25-45 (as well as other claims) distinguish over the 
combined references and the rejection under Section 103 should not be sustained. 

B. Second Section 103 rejection: Win, Rowe and Barkley 

Claims 2-3, 6, 9 and 17 stand rejected under Section 103 based on Win (above) in 
view of Rowe (above) and further in view of US Patent 6,202,066 of Barkley 
("Barkley"). As to these claims the Examiner adds Barkley for its teachings regarding 
inheritance among roles. However, Barkley fails to cure the above-described deficiencies 
of Win and Rowe as to Applicant's invention. 

As previously described. Applicant's claimed invention provides for a hierarchy 
of entitlement groups in which entitlements (e.g., permissions and limits) are inherited by 
child groups fi-om other (parent) groups above it in the hierarchical structure (see e.g.. 
Applicant's specification, paragraph [0045]; see also, e.g.. Fig. 5A at 501-503). 
Significantly, Applicant's approach is to structure such inheritance negatively so as to 
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apply restrictions as one goes down in the hierarchical entitlements structure (see e.g., 
Applicant's specification, paragraph [0045]). With Applicant's solution the root node 
residing at the top of the inheritance structure, for example, has all permissions and may 
perform all functions in the system (Applicant's specification, paragraph [0045]). As the 
hierarchy is traversed downward, additional restrictions are applied (Applicant's 
specification, paragraph [0045]). This approach of restricting inherited permissions is 
included, for instance, as limitations of Applicant's dependent claim 3 as follows: 

The method of claim 2, wherein said step of defining a plurality of entitlement 
groups includes restricting permissions inherited by an entitlement group fi-om its 
parent entitlement group in said hierarchical entitlement structure . 

(Applicant's claim 3, emphasis added) 

Thus, Applicant's solution provides for top-down inheritance in which an 
entitlement group inherits permissions fi-om its parent, but typically subject to restrictions 
on such permissions. Although Barkley discusses that one role may inherit fi-om another 
role. Barklev takes a bottom-up, rather than a top-down, approach to inheritance . Thus, 
Barklev in fact teaches awav from Applicant's top-down inheritance approach . As 
described at column 9, lines 48-51 of Barkley, a "manager" role has its own permissions 
and also inherits those permissions of its "subordinates" (Barkley, column 9, lines 48-51). 
Thus, Barkley describes expanding permissions through inheritance rather than restricting 
them. Another example of Barkley's bottom-up approach to inheritance is described at 
column 12, lines 19-26 which describes a financial advisor role inheriting privileges from 
an account rep role, such that the financial advisor has the permissions necessary to 
fimction as an account rep (Barkley, column 12, lines 19-26). There is nothing in 
Barkley to teach or suggest that the lower account rep role includes all the privileges of 
the higher financial role with limitations. Applicant's review of Barkley finds that while 
Barkley discusses various roles having different object access privileges (e.g., to read, 
write or delete certain objects), it does not include teachings of restricting permissions 
inherited from its parent in a hierarchical entitlement structure. Given Barkley's bottom- 
up approach to inheritance, this is not surprising. Additional restrictions would not 
usually be applied to managers, for example, on privileges that they inherit fi-om lower 
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level subordinates. 

The hierarchical structure of Applicant's claimed invention is a manner of 
structuring entitlements (e.g., permissions and limits) in a tree form in which the root (all 
permissions) is at the top, child nodes inherit permissions from parent nodes above, and 
the permissions inherited by a child from its parent are restricted as one traverses down 
the entitlement tree structure. In contrast, when one looks at the teachings of Barkley 
regarding inheritance, it is clear that with Barkley's solution managers (i.e., the parent 
role), inherit permissions held by subordinate employees (children). As shown at Fig. 5 
of Barkley, and described at col. 13, lines 41-49, the "financial advisor" role inherits read 
permissions from "employee" and "account rep" roles as follows: 

The Read permission for the files within the accounts directory is granted as a 

result of the fact that financial advisor inherits account rep, which has Read 

permission as a result of the definition of the accounts OAT. Also, 

financial advisor has Read permission on the file empl info as a result of the fact 

that financial advisor inherits employee and employee has Read permission for 

all files associated with the employee_read OAT, as is the case for the file 

emplinfo 

(Barkley, column 13, lines 41-49) 

Barkley's also states that while the financial advisor role inherits permissions 

from the account rep role, the financial advisor role may also have additional 
permissions (Barkley, column 10, lines 50-55). Thus, rather than restrict the inherited 
permissions, the Barkley structure expands the permissions of higher-level roles by 
having them inherit from lower level roles. Respectfully, it is clear from this discussion, 
as well as review of the balance of the reference, that Barkley describes bottom-up. not 
top-down inheritance and thus teaches away from Applicant's claimed invention. 

Any dependent claims not explicitly discussed are believed to be allowable by 
virtue of dependency from AppUcant's independent claims, as discussed in detail above. 

Conclusion 

Applicant also requests the Examiner to reconsider the prior art rejections based 
on the remarks set forth herein. 
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If for any reason the Examiner feels that a telephone conference would in any way 
expedite prosecution of the subject application, the Examiner is invited to telephone the 
undersigned at 925 465 0361. 

Respectfiilly submitted, 

Date: October 23, 2009 /G. Mack Riddle/ 

G. Mack Riddle, Reg. No. 55,572 
Attorney of Record 

925 465-0361 

925 465-8143 FAX 
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